Authorization Frameworks
Authorization Protocols
Our platform utilizes the Open Authorization 2.1 (OAuth) standards to grant access to resources per the access control models outlined in the previous chapter. The OAuth standard defines four important roles:
The Resource Owner (RO)
Definition: The Resource Owner is an entity with the authority to grant access to a protected resource. This entity may be an individual (end-user), or an organization.
Sidenote: Delegated access happens when Resource Owners grant authorization to other entities, such as organizations, individual users, or applications, to perform actions on behalf of the Resource Owner.
The Resource Server (RS)
Definition: The Resource Server is an application hosting the protected resources. It handles requests for these resources from the Client and makes them available via an API after access token validation.
Sidenote: The Resource Server responds to these requests by validating the provided access tokens through various methods to ensure they are valid and authorize the request.
The Client
Definition: The Client is an application making requests for protected resources on behalf of the Resource Owner, with the Resource Owner's authorization obtained through the OAuth process.
Sidenote: The Client can be deployed on a variety of platforms, including but not limited to virtual machines, bare metal servers, desktops, edge devices, and IoT devices.
The Authorization Server (AS)
Definition: The Authorization Server is an application responsible for issuing access tokens to the Client following successful authentication of the Resource Owner and obtaining authorization.
To authorize end-users, we utilize the Authorization Code Flow with Proof Key for Code Exchange (PKCE). This can be implemented using client libraries for the following use cases:
Mobile Applications
Native Applications
SaaS Platforms
Websites
Desktop Applications
Single Sign-On (SSO)
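The PKCE half of that flow, as an added example that is not part of this documentation or of the platform's client libraries: the Client derives a one-time code_verifier and its S256 code_challenge, sends only the challenge in the authorization request, and the Authorization Server recomputes the challenge from the verifier presented at the token endpoint. The authorization endpoint URL, client_id and redirect_uri are placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Placeholder authorization server endpoint (assumption, not from the documentation).
AUTHORIZE_ENDPOINT = "https://as.example.com/authorize"


def make_code_verifier(nbytes: int = 32) -> str:
    """Client side: random code_verifier (RFC 7636 allows 43..128 unreserved chars).
    32 random bytes give a 43-character base64url string without padding."""
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).rstrip(b"=").decode("ascii")


def code_challenge_s256(verifier: str) -> str:
    """S256 transform: BASE64URL(SHA256(verifier)) with the '=' padding removed."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_url(client_id: str, redirect_uri: str, scope: str,
                            state: str, challenge: str) -> str:
    """Client side: the authorization request carries the challenge, never the verifier,
    so a code intercepted on the redirect cannot be exchanged without the verifier."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def verify_code_verifier(stored_challenge: str, stored_method: str,
                         presented_verifier: str) -> bool:
    """Authorization server side, at the token endpoint: recompute the challenge that was
    stored with the authorization code and compare it in constant time. Only S256 is
    accepted; a code issued with the 'plain' method is refused."""
    if stored_method != "S256":
        return False
    if not 43 <= len(presented_verifier) <= 128:
        return False
    expected = code_challenge_s256(presented_verifier)
    return secrets.compare_digest(expected, stored_challenge)
```

The S256 transform can be checked against the reference vector in RFC 7636 Appendix B, which the test below does.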
To authorize applications, we utilize the Client Credentials Flow, which can be implemented using client libraries for the following use cases:
Scheduled Tasks and Cron Jobs
Data Synchronization
System-to-system integrations
Inter-Microservice Communication
Internet of Things (IoT) Device Communication
Automated Testing Environment
Still pending…
The Application Programming Interface (API)
The API acts as a communication channel between applications, enabling them to interact and exchange information with each other.
Supported protocols: HTTP APIs and RESTful APIs
Protocol examples: HTTPS, RESTful APIs, SIP, SRTP, gRPC, AMQPS, etc.
Privileges
Privileges are permissions assigned to an individual or to a group. A privilege can be inherited by an overlapping entity, for example a user who is a member of a group that holds it.
Groups
A group is a collection of users or other entities that share a common set of privileges.
Permissions
Permissions refer to the declaration of actions that can be performed on a specific resource by a user or an application.
Scope
Scope refers to what an application can do on behalf of the user.